Mod_SSL Off-By-One HTAccess Buffer Overflow Vulnerability

Bugtraq ID: 5084
Class: Boundary Condition Error
CVE:
Remote: No
Local: Yes
Published: Jun 22 2002 12:00AM
Updated: Jun 22 2002 12:00AM
Credit: Vulnerability discovery credited to Jedi/Sector One <j@pureftpd.org>.
Vulnerable: mod_ssl mod_ssl 2.8.9
- Apache Apache 1.3.26
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ Debian Linux 2.2 sparc
 + Debian Linux 2.2 powerpc
 + Debian Linux 2.2 IA-32
 + Debian Linux 2.2 arm
 + Debian Linux 2.2 alpha
 + Debian Linux 2.2 68k
 + Debian Linux 2.2
+ HP Secure OS software for Linux 1.0
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.8
- Apache Apache 1.3.24
mod_ssl mod_ssl 2.8.7
+ Apache Apache 1.3.23
+ MandrakeSoft Multi Network Firewall 2.0
+ Redhat Linux 7.3 i386
 + Redhat Linux 7.3
mod_ssl mod_ssl 2.8.6
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
 + Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
 + Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ Compaq Compaq Secure Web Server for OpenVMS 1.2
+ Compaq Compaq Secure Web Server for OpenVMS 1.1 -1
 + Compaq Compaq Secure Web Server for OpenVMS 1.0 -1
 + Compaq Compaq Secure Web Server for Tru64 5.5.2
mod_ssl mod_ssl 2.8.5
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
 + Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
 + Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Redhat Linux 7.2 ia64
 + Redhat Linux 7.2 i386
 + Redhat Linux 7.2
+ Redhat Linux 7.1 ia64
 + Redhat Linux 7.1 i386
 + Redhat Linux 7.1 alpha
 + Redhat Linux 7.1
+ Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux 7.0
mod_ssl mod_ssl 2.8.4
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
 + Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
 + Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ MandrakeSoft Single Network Firewall 7.2
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.3
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
 + Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
 + Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
mod_ssl mod_ssl 2.8.2
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
 + Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
 + Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
mod_ssl mod_ssl 2.8.1
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
 + Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
 + Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ Redhat Secure Web Server 3.2 i386
 mod_ssl mod_ssl 2.8
+ Apache Apache 1.3.22
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
 + Apache Apache 1.3.14 Mac
 + Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
 + Apache Apache 1.3.7 -dev
 + Apache Apache 1.3.6
+ Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ Apache Apache 1.2
mod_ssl mod_ssl 2.7.1
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.14
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ EnGarde Secure Linux 1.0.1
mod_ssl mod_ssl 2.7 .0
- Apache Apache 1.3.14
mod_ssl mod_ssl 2.6.6
+ Apache Apache 1.3.12
mod_ssl mod_ssl 2.6.5
+ Apache Apache 1.3.12
mod_ssl mod_ssl 2.6.4
+ Apache Apache 1.3.12
mod_ssl mod_ssl 2.6.3
+ Apache Apache 1.3.12
mod_ssl mod_ssl 2.6.2
+ Apache Apache 1.3.12
mod_ssl mod_ssl 2.6.1
+ Apache Apache 1.3.12
mod_ssl mod_ssl 2.6 .0
+ Apache Apache 1.3.12
mod_ssl mod_ssl 2.5.1
+ Apache Apache 1.3.11
mod_ssl mod_ssl 2.5 .0
+ Apache Apache 1.3.11
mod_ssl mod_ssl 2.4.10
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.14
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
mod_ssl mod_ssl 2.4.9
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4.8
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4.7
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4.6
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4.5
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4.4
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4.3
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4.2
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4.1
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.4 .10
+ Apache Apache 1.3.9
+ Debian Linux 2.2 sparc
 + Debian Linux 2.2 powerpc
 + Debian Linux 2.2 IA-32
 + Debian Linux 2.2 arm
 + Debian Linux 2.2 alpha
 + Debian Linux 2.2 68k
 + Debian Linux 2.2
mod_ssl mod_ssl 2.4 .0
+ Apache Apache 1.3.9
mod_ssl mod_ssl 2.3.11
+ Apache Apache 1.3.6
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0
Not Vulnerable: mod_ssl mod_ssl 2.8.10
- Apache Apache 1.3.26
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ Slackware Linux 8.1


 

Privacy Statement
Copyright 2010, SecurityFocus